From f043a9ee967acc41d402497856359da6ca1e8a48 Mon Sep 17 00:00:00 2001
From: Kieran <kieran@harkin.me>
Date: Wed, 17 Jan 2024 16:34:44 +0000
Subject: [PATCH] chore: add extra headers

---
 packages/app/_headers | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/packages/app/_headers b/packages/app/_headers
index 46544d63..e1402fcf 100644
--- a/packages/app/_headers
+++ b/packages/app/_headers
@@ -1,2 +1,5 @@
 /*
-  Content-Security-Policy: default-src 'self'; manifest-src *; child-src 'none'; worker-src 'self'; frame-src youtube.com www.youtube.com https://platform.twitter.com https://embed.tidal.com https://w.soundcloud.com https://www.mixcloud.com https://open.spotify.com https://player.twitch.tv https://embed.music.apple.com https://nostrnests.com https://embed.wavlake.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline'; connect-src *; img-src * data: blob:; font-src 'self'; media-src * blob:; script-src 'self' 'wasm-unsafe-eval' https://analytics.v0l.io https://platform.twitter.com https://embed.tidal.com https://challenges.cloudflare.com;
\ No newline at end of file
+  Content-Security-Policy: default-src 'self'; manifest-src *; child-src 'none'; worker-src 'self'; frame-src youtube.com www.youtube.com https://platform.twitter.com https://embed.tidal.com https://w.soundcloud.com https://www.mixcloud.com https://open.spotify.com https://player.twitch.tv https://embed.music.apple.com https://nostrnests.com https://embed.wavlake.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline'; connect-src *; img-src * data: blob:; font-src 'self'; media-src * blob:; script-src 'self' 'wasm-unsafe-eval' https://analytics.v0l.io https://platform.twitter.com https://embed.tidal.com https://challenges.cloudflare.com;
+  Cross-Origin-Resource-Policy: "corss-origin;
+  Cross-Origin-Opener-Policy: "same-origin";
+  Cross-Origin-Embedder-Policy: "credentialless";
\ No newline at end of file